Cybercriminals Target Young Gamers

Deceptive and inappropriate tactics are prevalent in free gaming apps, according to a new report to be released at the RSA Conference.

RSA CONFERENCE 2019 – San Francisco – Children under the age of 12 who play video games have become a prime target for cybercriminals, who are taking advantage of the kids' naivete and susceptibility to influence, according to a new report by Rubica.

Rubica CEO Frances Dewing, who will discuss the report at an RSA session Wednesday afternoon, says parents should look out for free gaming apps, which almost always contain advertisements and in-app purchase or upgrade options.

"An adult consumer expects to be advertised to when using an otherwise free service," Dewing says. "Using advertising or in-app purchasing as a revenue method is a socially accepted practice. However, the problem with free apps targeting children is that studies have proven that children are often unaware that what they are watching or interacting with is an advertisement."

The major app stores do not contain safety ratings that factor in advertising practices or guidelines for parents, guardians, or educators, Dewing adds.

"More concerning in a game or app made for young children is the prevalence of deceptive and inappropriate tactics," Dewing explains. "It's not uncommon for kids' apps to contain aggressive prompts to download other apps that may be age-inappropriate or unlock gates for cybercriminals to access everything from emails to banking apps."

Dewing says there have been numerous cases in which wealthy individuals have lost hundreds of thousands of dollars in hacking cases involving children and video games, though such cases typically do not make the news.

Michael Bruemmer, vice president of consumer protection at Experian, says preying on young children playing video games has become a perfect storm around three trends: the lack of awareness of the children; the exploding world of downloads and apps kids have access to without proper adult supervision; and the unblemished identities of the children.

Threat actors steal the identities of young children to pose as adults and set up fraudulent credit cards and bank accounts.

"There was a case I heard of in which a woman who worked from home had her children download games onto her work computer, only to find out that a bad threat actor had injected keylogging software that stole user name and password information," Bruemmer says. "When the woman planned to make a wire transfer of $28,000, the bad threat actor posed as one of the kids in an email and had the exchange diverted. Fortunately, two-factor authentication software used by the broker intercepted the wire exchange and the fraudulent wire transfer was stopped."

As part of the Rubica study, the company evaluated the top 20 free kids apps on the iTunes and Google Play app stores. A recent Experian report also discusses cyberthreats to the online gaming industry.

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

They are a different breed - very skiled at a limited set of functions and live for super high end systems. Beyond that they lack security rules and protocols. I found some great tech info on a gamer site a long time ago - so it can be a good thing but I would rarely put stock into their world. I mostly moved away from Games at the end of the DOOM - HERETIC -HEXEN - DUKE NUK'EM cycle some years ago. DOOM was and still is a great game

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of st...

** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.